Google Dork for instant bounties

Ravaan
Mar 28, 2022

HEY! Amazing hackers, let’s talk about instant bounties, the low-hanging fruit. Google Dorking is very powerful, and yet people generally do not like to use it in their workflow. Any experienced hunter will tell you that this is one of the quickest ways to get to know a system.

What is Google Dorking?

Google Dorking is a hacker technique that uses Google Search and other Google applications to find security holes in the configuration and computer code that websites are using. Google Dorking can also be used for OSINT to find larger vulnerabilities and chain them into a better bug.

Google dorks used by me:

Some are stolen from various talks while others are modified, but most are custom-made. Let's first discuss the tools I use:

Pentest Secrets- Google dorks:

Uses 14 different dorks ranging from publicly exposed documents to log files and even directory listings.

Pretty self-explanatory

CUSTOM DORKS:

inurl:.gov password | credential | username filetype:log

This dork looks for the words password, credential and username in log files. I used .gov as an example; change it to your target.

inurl:nokia not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:pdf

An all-time favorite, and it works: I have reported so many using this. Again, it searches for confidential data within PDFs. QUICK TIP: Try it out with other targets and I'm sure you’ll find something; make sure to check for confidentiality before reporting.

PS: I have taught this to a bunch of noobs and they have reported everything with Nokia, but try it with others :)

FLEX

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private | WS_FTP | ws_ftp | log | LOG filetype:log

Another log hunter, but it's better than most tools, and it actually gives bugs :)

Spitting my notes out:

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:xls

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:csv

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:doc

inurl:.gov not for distribution | confidential | “employee only” | proprietary | top secret | classified | trade secret | internal | private filetype:txt
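
The same terms can be turned around by a site owner. The Python sketch below is an added example, not code from the original post: it walks a web root before publication and flags the files the dorks above would surface. The function names, the constructed sample files and the "manual review" label are assumptions made for illustration.

```python
import os
import re
import tempfile

# Terms taken from the dorks in this post.
CRED_TERMS = ["password", "credential", "username"]
MARKINGS = ["not for distribution", "confidential", "employee only", "proprietary",
            "top secret", "classified", "trade secret", "internal", "private"]
TEXT_EXTS = {".log", ".txt", ".csv"}     # plain text: searched directly
BINARY_EXTS = {".pdf", ".xls", ".doc"}   # need text extraction: listed for manual review

PATTERN = re.compile("|".join(re.escape(t) for t in CRED_TERMS + MARKINGS), re.IGNORECASE)

def audit_webroot(root):
    """Return {relative_path: sorted terms found} for files a crawler could index."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()   # WS_FTP.LOG and ws_ftp.log both match
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if ext in TEXT_EXTS:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = {m.group(0).lower() for line in fh for m in PATTERN.finditer(line)}
                if hits:
                    findings[rel] = sorted(hits)
            elif ext in BINARY_EXTS:
                findings[rel] = ["manual review"]
    return findings

def demo():
    """Build a constructed sample web root in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "logs"))
        samples = {  # constructed sample content, not real data
            "logs/WS_FTP.LOG": "2022.03.01 12:00 login username=svc_backup password=EXAMPLE\n",
            "notes.txt": "Internal use only. Not for distribution.\n",
            "index.txt": "Welcome to the public site.\n",
            "report.pdf": "%PDF-1.4 constructed placeholder\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_webroot(root)

if __name__ == "__main__":
    for path, terms in sorted(demo().items()):
        print(path, "->", ", ".join(terms))
```

Anything this reports should be moved out of the web root or put behind authentication before a crawler reaches it.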

CONCLUSION:

Are these effective? Yes. With a large company you will find something, at least a foothold. Keep track of the URLs; I have found multiple IDORs on many occasions. Use this and, again, a disclaimer: if you find stuff, report it.

That’ll be all for today. Keep trying it out on different hosts and you’ll be good to go. - Ravaan :)

Discord:

https://discord.gg/z8zvwUDMup

Ravaan

Red Teamer/BBHH. APPLE HOF, ADOBE HOF. Governments to Fortune 500 companies, UN. Researcher/Malware. CVE Hunting. Bookworm. CEH(prac)